Projects
Targeted Web Attacks
Part 2 of Social Networks the New Fingerd
Author david.kierznowski_at_gmail.com
http://michaeldaw.org
1. Introduction
I recently released an article titled “Social networks the New FingerD”, which gave an example of using LinkedIn in passive username enumeration attacks. This article will discuss using search engines and OpenPGP key servers as additional enumeration resources. None of these ideas are [...]
ASP Auditor v2 BETA
Author david.kierznowski_at_gmail.com
http://michaeldaw.org
Purpose: Look for common misconfigurations and information leaks in ASP.NET applications.
# Changelog:
# –v2.2– 20/Apr/07
# * Added additional support for Anti-XSS Validation detection.
# * Added ASP Source Directory Leak Check
# * Added Apr/07 ASP.NET Validation Bypass Check
#
# –v2.1– 25/Sep/06
# * GET /Trace.axd often leaks ASP.NET version when other methods fail.
# * Fixed “?” [...]
ASP Auditor v1.0 BETA
Author: David Kierznowski (david.kierznowski_at_gmail.com)
http://michaeldaw.org/projects/
PLEASE NOTE THIS V1.0 IS DEPRECATED.
Please see the following link for the latest information regarding this tool: http://michaeldaw.org/projects/asp-auditor-v2/
The purpose of ASP Auditor is to identify vulnerable and weakly configured ASP.NET servers.
Usage:
$ ./asp-audit.pl
ASP Audit v1.0 (BETA) [ david.kierznowski@gmail.com ]
Usage: [...]
Awakening the Sleeping Giant v1.0
Awaking the Sleeping Giant v1.0
Demystifying Cross Site Scripting Attacks
Author: David Kierznowski (david.kierznowski_at_gmail.com)
http://michaeldaw.org/projects/
Table of contents:
1.0 Introduction
2.0 Summary of paper
3.0 Entry nodes (Where)
4.0 Capabilities (Why)
5.0 Exploits (How)
6.0 Tools
1.0 Introduction:
I assume the person reading this paper will know what XSS [...]

